The deepin distribution team has announced version 25 of its operating system. The deepin distribution includes the new Deepin Desktop Environment 7.0, an immutable filesystem, and an AI assistant which responds to voice commands. “We deeply understand the importance of system stability for users. To this end, deepin….
SpicyPass is a lightweight password manager that uses state-of-the-art cryptography and minimalist design principles.
In this article I explore a simple upgrade to improve the Raspberry Pi 5’s network speed.
CISA Warns of FortiOS Hard-Coded Credentials Vulnerability Exploited in Attacks
CISA has issued a critical warning regarding a Fortinet FortiOS vulnerability that poses significant risks to network security infrastructure.
On June 25, 2025, CISA added CVE-2019-6693 to its Known E …
Published Date:
Jun 26, 2025 (3 hours, 48 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2019-6693
Citrix warns of exploitation of critical flaw in NetScaler ADC and Gateway
Citrix is warning organizations about active exploitation of a critical vulnerability in NetScaler ADC and NetScaler Gateway. The flaw is a buffer overflow that, according to Citrix, can lead to “unintended control flo …
Published Date:
Jun 26, 2025 (3 hours, 40 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-6543
Cisco ISE servers can be fully taken over via critical vulnerabilities
Cisco is warning of two critical vulnerabilities in the Identity Services Engine (ISE) that allow attackers to gain full control over the server on which the solution runs. The impact of b …
Published Date:
Jun 26, 2025 (2 hours, 32 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-20282
CVE-2025-20281
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
CISA has confirmed that a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks.
The MegaRAC BMC firmware provides remote …
Published Date:
Jun 26, 2025 (2 hours, 28 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2024-54085
CVE-2023-34329
Surge in Attacks Targeting MOVEit Transfer Systems – 100+ Unique IPs Used by Attackers
Researchers observed a significant increase in malicious scanning activity targeting MOVEit Transfer systems, with over 682 unique IP addresses participating in coordinated reconnaissance and …
Published Date:
Jun 26, 2025 (1 hour, 48 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2023-36934
CVE-2023-34362
CISA Warns of Vulnerabilities in ControlID iDSecure Software Allowing Authentication Bypass
CISA has issued a high-priority security advisory warning organizations about critical vulnerabilities in ControlID’s iDSecure On-premises vehicle control software.
Released on June 24, 2025, the advi …
Published Date:
Jun 26, 2025 (1 hour, 37 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-49853
CVE-2025-49852
CVE-2025-49851
IBM i Vulnerability Lets Attackers Escalate Privileges
A critical security vulnerability affecting multiple versions of IBM i could allow attackers to escalate privileges through an unqualified library call in IBM Facsimile Support for i.
The vulnera …
Published Date:
Jun 26, 2025 (1 hour, 32 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-36004
CVE ID : CVE-2025-6624
Published : June 26, 2025, 5:15 a.m. | 5 hours, 48 minutes ago
Description : Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or DEBUG/TRACE mode.
The issue affects the following Snyk commands:
1. When snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials may be written into the local Snyk CLI debug log. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u).
2. When snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the Snyk access / refresh credential tokens used to connect the CLI to Snyk may be written into the local CLI debug logs.
3. When snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled, AND the log level is set to TRACE, the docker registry token may be written into the local CLI debug logs.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2938
Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants.
Severity: 3.1 | LOW
CVE ID : CVE-2025-1754
Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.
Severity: 5.3 | MEDIUM
CVE ID : CVE-2025-37101
Published : June 26, 2025, 6:15 a.m. | 4 hours, 14 minutes ago
Description : A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).
Severity: 8.7 | HIGH
CVE ID : CVE-2025-41404
Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago
Description : Direct request (‘Forced Browsing’) issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-48497
Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago
Description : Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-5315
Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.
Severity: 4.3 | MEDIUM
CVE ID : CVE-2025-3279
Published : June 26, 2025, 6:15 a.m. | 4 hours, 48 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.
Severity: 6.5 | MEDIUM